Are Fintechs Regulator Ready?
Part III: Compliance


Broadridge’s Ken Tays explores the OCC’s new 
operational charter and how it will impact fintech 
companies. This is the third article in the series. 


In July 2018, the Office of the Comptroller of the Currency (OCC) updated within the
Licensing Charter Supplement a new charter specifically applicable to fintech companies.
The updated charter allows fintech companies to operate on a national basis and take in
non-FDIC-insured deposits, which will put them on the same competitive playing field as other
state and national banks. The July 31, 2018, OCC policy states that these companies will face
the same regulatory scrutiny as banks of similar size and complexity. In particular, the OCC
highlighted “capital, liquidity and risk management.”


As fintech companies begin to explore an application for an OCC charter, they will need
to review their compliance department to ensure it meets the requirements in 12 CFR 30
Appendix A, which state that an institution should have internal controls and information
systems that are commensurate with the size of the institution and the nature, scope and risk
of its activities, and that provide for:





+ An organizational structure that establishes clear lines of authority 
and responsibility for monitoring adherence to established policies; 

+ Effective risk assessment; 

+ Timely and accurate financial, operational and regulatory reports; 

+ Adequate procedures to safeguard and manage assets; and 

+ Compliance with applicable laws and regulations 


Presently fintech companies are regulated by the states and
even by the Consumer Financial Protection Bureau (CFPB)
from a compliance standpoint. Fintechs will generally have
requisite controls in place to ensure they are abiding by the laws
pertaining to consumer lending and Section 5 of the FTC Act for
unfair, deceptive or abusive practices (UDAAP). When it comes
to migrating to a federal banking charter, fintech companies
should experience little change in regulatory oversight.


However, the OCC handbook for Compliance/Anti-Money 
Laundering (AML) indicates that the regulator expects the 
company to have a Compliance Management System (CMS), 
which the handbook indicates would include “policy, procedure, 
processes, monitoring and testing programs and a compliance 
audit function.” Fintech companies may need to enhance their 
CMS in order to meet these regulatory requirements. 


The OCC handbook outlines the minimal requirements for an 
adequate CMS. Please note that the CMS must be tailored to the 
size and complexity of the organization. 


Board and Management Oversight 


+ Oversight and commitment, including oversight of third parties

+ Change management

+ Comprehension, identification and management of risks

+ Self-identification and corrective action


Fintech companies may need to focus on change management,
self-identification and corrective actions. Management will need
a demonstrated process in place that identifies when regulations
are changing, how they assess the business impact, and how they
formulate and execute action plans. Fintech companies may have
less formal processes in place that will need to be supported
with a sound structure.




Management will need to ensure they have an effective check 
and challenge process that includes an annual Compliance 
Monitoring Plan. These plans need to include effective testing as 
well as remediation and verification. As with audit, regulators will 
expect this testing to be fully documented and all conclusions 
fully supported. 


Consumer Compliance Program 


+ Policies and procedures

+ Consumer compliance training

+ Monitoring and audit

+ Consumer complaint response


Many fintech companies will already have implemented each
of these areas to some extent. However, they may need to
expand them to fully cover the organization. While policies
and procedures may be fully developed, compliance training
may not be as complete as required. Regulators will not only
review completion and attendance logs, they also will review the
material to ensure it contains the most up-to-date information.


When it comes to meeting the requirements of 12 CFR 30 
Appendix A, compliance is most likely an area in which fintechs 
may need the least work. Nonetheless, companies applying for a 
charter will need to review their compliance programs to ensure 
they can meet the CMS requirements in the OCC handbook. 
Given the type of lending in which many fintech companies 
engage, a well-established and fully supported CMS will be 
required to ensure the company complies with all laws and 
regulations. 